Providing seamless access to digital services is a critical part of the IT team’s role in higher education (HE) and further education (FE). When a lecturer struggles to access wifi on a remote campus, or a student can’t work out how to access digital course materials quickly, the result is a barrier to learning and collaboration. In the research and education community, IT teams do the job of identifying these obstacles – and helping users to overcome them.
But after two years in which organisations have had to figure out how to provide online and blended learning in the hardest circumstances, the challenges are changing shape. Remote access to resources is as critical as it ever was; yet as students return to campuses, it will once again go hand in hand with collaboration across multiple academic sites.
At Jisc, we’ve worked hard in recent years to support single sign-on (SSO) technologies that help to support users – and make access to resources convenient. Both eduroam and the UK Access Management Federation, for example, are widely used in the UK research and education sector.
Both rely on the same principle: that a user’s authentication credentials are managed by their home organisation, which is in turn part of a trusted network. Because the identity provider (IdP) is trusted, service providers (SPs) can rely on information about the user (which organisation someone is associated with, or whether they are a student or staff member) so can allow seamless access to people who are authorised to access the specific resource.
Seamless learning and collaboration, in other words, depend on trust.
The rising need for trust and identity skills
All of this means that, in IT teams, specialist trust and identity middleware skills are often in demand. If you’re a Jisc member who sees the value of providing students seamless access to library resources, a popular option is to use the open source access management software, Shibboleth (a web-based, open-source implementation of the SAML standard). Rhys Smith, our chief technical architect for trust and identity, estimates that roughly 70% of entities registered in the UK Access Management Federation use Shibboleth.
Shibboleth is a wonderful thing, but it still has a reputation in some areas as being a “niche” capability. In practice, we’ve noticed that skills in configuring Shibboleth don’t always remain in a team’s organisational memory. When an upgrade is needed – or a similar trust and identity challenge related to eduroam – an FE or HE organisation may often realise that the person who once knew how to do it has left.
Often, the IT team is still capable of working the problem out for themselves, given enough time; but the days it would take would divert the team from other essential tasks. Meanwhile, the Shibboleth Consortium (of which Jisc is a principal member) notes that reliance on Shibboleth products continues to rise. In other words: this capability may seem niche, but when you need it, you really need it.
Build, Borrow and Bridge
It’s to solve challenges like this that we offer our trust and identity retained expertise service. At Jisc, we’ve found that organisations have varying needs for trust and identity skills – and sometimes the use case may change over time.
For example, in our work with Abingdon and Witney College, the college needed Shibboleth skills as part of its work to deploy a third-party “discovery system”, helping to offer easier access to online resources. They were able to ‘borrow’ our specialist consultants, and keep them on hand after to keep things running smoothly.
When we worked with New College of Humanities (NCH) in London, meanwhile, it was to help offer access to content hosted in the US, after an international merger. They took a similar ‘borrow’ approach.
And for other organisations, uses of the service have included implementing govroam, the zero-touch roaming service, so that public-sector workers can seamlessly use wifi. For those looking to build and bridge – we provide specialist trust and identity training.
Demands on IT teams
From the point of view of Jisc, we recognise that FE and HE organisations will have their own trust and identity requirements, which are not always predictable – and that demands can be ongoing because deadlines on IT teams may come thick and fast.
So we help the community to help plug the gaps by providing specialist trust and identity support, offering our retained expertise consultancy service. But we also help build skills (in the form of eduroam clinics, for example) and support the development of critical community projects; that’s why we’re principal members of the Shibboleth Consortium, and of course as the national research and education network for the UK, we host the National Radius Proxy Service, the core of the eduroam infrastructure in the UK.
This collective approach can go a long way to solving the challenges faced by individual organisations – so that when it comes to supporting learning, secure authentication is underpinned by mutual trust.
You can visit the website to learn more about our retained expertise service. For more information about how we can support your team, or for any other questions, please contact trustandidentity@jisc.ac.uk